Security update for Shellshock

In the past 24 hours, a security vulnerability has been discovered in a shell interpreter that Raspbmc ships and uses, called Bash. This vulnerability allows command injection which could lead to remote code execution. The risk of your system being exploited is minimal, but it is better to be safe than sorry. I’m currently on vacation, but I got a little time to push this fix.

This fix resolves CVE 2014-6271. There is still another, less severe vulnerability, but a patch has not been issued by Red Hat yet. As soon as it is, I will include this as well.

To get the fix for this vulnerability, please reboot your device. If you have updates on, you will want to turn these on.

If you’d like to check you’re all patched, up you can do so via SSH:

env x='() { :;}; echo This Raspbmc device is vulnerable'  bash -c "echo Testing vulnerability"

If your system is secure, the message ‘This Raspbmc device is vulnerable will not be printed’

Raspbmc’s August update with XBMC 13.2 Gotham

Hi,

XBMC 13.2 is here. This brings the following fixes:

  • Fix for accented letters
  • Updated included addons
  • Updated GUI translations
  • Fixes for several bugs and memory leaks

You can read the full release notes over at the XBMC site here.

There are also some Raspbmc improvements

  • Fix for crash when encoding certain JPEGs (thanks Dom)
  • Fix for temporary sync issues and loss of audio
  • Fix issues with some PVR addons not being available in the former build.

XBMC has renamed to Kodi, OSMC is superseding Raspbmc.

I recently posted how XBMC has renamed to Kodi and Raspbmc is being superseded by OSMCMartijn over at Team-XBMC says that this may be the last release for XBMC 13 (Gotham). However I’d like to reassure users that Raspbmc is still maintained and updated until at least the end of the year. Further, although there may not be any more upstream releases of XBMC 13, there will be for Raspbmc, as we backport fixes to this build.

Here’s a sneak peak at the new look of OSMC (you can join the discussion here)

OSMC

To get the update, all you need to do is reboot your Raspberry Pi. If you’re running an XBMC nightly, be sure to switch to ‘xbmc release’ in Raspbmc Settings to get back on the stable build.

If you enjoy Raspbmc, and this update, and would like to support continued development (which will help OSMC too), you can make a donation here.

Enjoy!

XBMC renames to ‘Kodi’

You may have already heard that XBMC has decided to rename itself to Kodi. This follows on the former name no longer being relevant as well as various legal issues. A few people have been curious about what this means for Raspbmc, so I thought I’d take some time to cover this. As you know, Raspbmc’s successor will be named OSMC and run on multiple platforms (including CuBox-i, Intel NUC, Android and iOS). I’ve been planning Raspbmc’s successor for just under a year, and some of you may remember it was actually going to be called linXBMC. The need for a name change in May is now I’m sure, quite self explanatory.

All in all, a name is just a name, and you’ll still have that great XBMC experience underneath the hood.

I hope this clears things up

Sam